** against [[Benutzer:mzeltner]] - not because of technical reasons, but ones that I'd prefer Metalab not have infrastructure set up in which someone speaks for or as the organisation.

** against [[Benutzer:mzeltner]] - not because of technical reasons, but ones that I'd prefer Metalab not have infrastructure set up in which someone speaks for or as the organisation.

+

** [[Benutzer:reox]] icbw but submission should be used for mailservers that hold mailboxes, not for relays. they should use port 25. only use it if pop/imap is implemented

+

** for [[Benutzer:reckoner]] - Could be just mail forwarding service without storage attached to mailbox.

* POP(110, 995) or IMAP(143, 993) Services?

* POP(110, 995) or IMAP(143, 993) Services?

** against [[Benutzer:hop]]

** against [[Benutzer:hop]]

** against [[Benutzer:mzeltner]] - adding complexity

** against [[Benutzer:mzeltner]] - adding complexity

+

** for [[Benutzer:red667]] - mailserverice for members, so less people use gmail, hotmail, ... - cryptohardening is useless if the data is at a place without control

+

** for [[Benutzer:reckoner]] - only in the form of super-encrypted paid-only mailboxes for paranoid members with funds going to Metalab support.

* gitweb.cgi

* gitweb.cgi

** for [[Benutzer:mzeltner]] - give people the option to avoid GitHub? Decentralised structure and all… With <code>git http-push</code> (WebDAV) support that uses the same credentials as the wiki or mos? Because we don't need lots of people with shell access.

** for [[Benutzer:mzeltner]] - give people the option to avoid GitHub? Decentralised structure and all… With <code>git http-push</code> (WebDAV) support that uses the same credentials as the wiki or mos? Because we don't need lots of people with shell access.

** prosody nightly builds for 0.9 are stable and have reasonable SSL settings - ah, but: [http://web.jabber.ccc.de/?p=440 Prosody is still single-threaded, which makes it impossible to use for large server deployments] --[[Benutzer:Mzeltner|Mzeltner]] ([[Benutzer Diskussion:Mzeltner|Diskussion]])

* Check ALL the Certificates for ALL the services. Acquire certificates for services that do not yet have one. (Basically do not host any unencrypted services anymore)

* Check ALL the Certificates for ALL the services. Acquire certificates for services that do not yet have one. (Basically do not host any unencrypted services anymore)

for Benutzer:red667 - mailserverice for members, so less people use gmail, hotmail, ... - cryptohardening is useless if the data is at a place without control

for Benutzer:reckoner - only in the form of super-encrypted paid-only mailboxes for paranoid members with funds going to Metalab support.

gitweb.cgi

for Benutzer:mzeltner - give people the option to avoid GitHub? Decentralised structure and all… With git http-push (WebDAV) support that uses the same credentials as the wiki or mos? Because we don't need lots of people with shell access.

Provide forward secrecy for all services by using modern ciphers (EDH)

Discuss the use of ECC as the only widely implemented curves are known and deliberately weakened curves specified by NIST. (secp256r1, secp385r1). Pepi recommends not to use ECC with NIST curves if possible but provide (p)fs by using DHE (works with all current browsers except for Internet Explorer which only supports forward secrecy using ECDHE on Vista an newer.)

Update Mediawiki to the current release

Update Trac to the current release

Check validity of ALL certificates and set up reminders to renew them. Find at least two persons who are volunteering to take care of that as well!